// OllyDbg 1.x start-up hook for the SilentAttach plugin.
// Stores the main OllyDbg window handle and writes two lines to the log
// window. Always returns 0 (success).
// NOTE(review): ollydbgversion is never compared with a minimum plugin
// version here - confirm that loading into any host version is intended.
_declspec(dllexport) int __cdecl ODBG_Plugininit(int ollydbgversion, HWND hw, ulong *features)
{
    // Kept for later use by the rest of the plugin.
    mainWnd = hw;

    Addtolist(0, 0, "SilentAttach");
    Addtolist(0, -1, "started successfully");

    return 0;
}
// Reports a module-related failure code to the user.
// Every handled code flashes a status message; three of them are also written
// to the log window. Unknown codes are ignored.
void module_error(int err)
{
    if (err == MODULE_BASE_NOT_FOUND)
    {
        Flash("Failed to obtain debuggee's ImageBase");
        Addtolist(0, 1, "Failed to obtain debuggee's ImageBase");
    }
    else if (err == MODULE_OUT_OF_RANGE)
    {
        // Status-bar message only, nothing is logged for this code.
        Flash("You are not viewing any module");
    }
    else if (err == MODULE_FILE_MAPPING_FAILURE)
    {
        Flash("Failed to create file mapping");
        Addtolist(0, 1, "Failed to create file mapping");
    }
    else if (err == MODULE_FILE_SHARING_VIOLATION)
    {
        Flash("Failed to obtain file handle");
        Addtolist(0, 1, "Failed to obtain file handle");
    }
}
/**
 * Called when Ollydbg loads this plugin and requests information.
 *
 * Besides answering the query, this function also loads the MRU list,
 * allocates the global OllyLang object and creates the sorted data that backs
 * the script log window.
 *
 * @param ollydbgversion
 *   The version of this instance of Ollydbg.
 * @param pluginname
 *   String buffer that should hold the plugin name on return.
 * @param pluginversion
 *   String buffer that should hold the plugin version on return.
 *
 * @return
 *   The supported plugin version, should always be PLUGIN_VERSION.
 *   0 to report an error and abort loading the plugin.
 *   NOTE(review): the Createsorteddata failure path below returns -1, not 0 -
 *   confirm how the host treats a negative value.
 */
int ODBG2_Pluginquery(int ollydbgversion, wchar_t pluginname[SHORTNAME], wchar_t pluginversion[SHORTNAME])
{
    // Check whether OllyDbg has compatible version. This plugin uses only the
    // most basic functions, so this check is done pro forma, just to remind of
    // this option.
    if(ollydbgversion < MINOLLYDBGVERSION)
    {
        MessageBox(hwollymain, L"Incompatible Ollydbg Version !", PLUGIN_NAME, MB_OK | MB_ICONERROR | MB_TOPMOST);
        return 0;
    }

    // Report plugin in the log window.
    Addtolist(0, 0, PLUGIN_NAME L" v%i.%i.%i " VERSIONCOMPILED, VERSIONHI, VERSIONLO, VERSIONST);
    Addtolist(0, 0, L" http://odbgscript.sf.net");

    mru.load();
    // NOTE(review): these three hard-coded paths look like developer test
    // entries - confirm whether they belong in a release build.
    mru.add(L"C:\\Program Files (x86)\\RE\\Olly 2\\Plugins\\Test1.txt");
    mru.add(L"C:\\Program Files (x86)\\RE\\Olly 2\\Plugins\\Test2.txt");
    mru.add(L"C:\\Program Files (x86)\\RE\\Olly 2\\Plugins\\Test3.txt");

    ollylang = new OllyLang();

    // NOTE(review): on failure the OllyLang object allocated above is not
    // released before returning.
    if(0 != Createsorteddata(&ollylang->wndLog.sorted, // Descriptor of sorted data
                             sizeof(t_wndlog_data),     // Size of single data item
                             20,                        // Initial number of allocated items
                             wndlog_sort_function,      // Sorting function
                             wndlog_dest_function,      // Data destructor
                             0))                        // Simple data, no special options
    {
        return -1;
    }

    // Lines marked "//2" are disabled code kept in the file.
    //2 if (Createsorteddata(&(ollylang->wndProg.sorted), sizeof(t_wndprog_data),50,
    //2     wndprog_sort_function,wndprog_dest_function, 0) != 0) return -1;
    //2 HINSTANCE hinst = (HINSTANCE)GetModuleHandleW(PLUGIN_NAME L".dll");
    //2 if (Registerpluginclass(wndprogclass,NULL,hinst,wndprog_winproc)<0) {
    //2     return -1;
    //2 }
    //2 if (Registerpluginclass(wndlogclass,NULL,hinst,wndlog_winproc)<0) {
    //2     return -1;
    //2 }
    //2 if (Plugingetvalue(VAL_RESTOREWINDOWPOS)!=0 && Pluginreadintfromini(hinst, L"Restore Script Log",0)!=0)
    //      initLogWindow();
    //2 if (Plugingetvalue(VAL_RESTOREWINDOWPOS)!=0 && Pluginreadintfromini(hinst, L"Restore Script window",0)!=0)
    //      initProgTable();

    // Report name and version to OllyDbg.
    // wcscpy performs no bounds check; this relies on PLUGIN_NAME (a
    // compile-time constant) fitting into SHORTNAME wide characters.
    wcscpy(pluginname, PLUGIN_NAME);
    swprintf(pluginversion, SHORTNAME, L"%d.%d.%d", VERSIONHI, VERSIONLO, VERSIONST);

    return PLUGIN_VERSION;
}
// Marks the logger entry with the given id as idle.
// Returns the entry's previous flag, LOGGER_FLAG_NONE when no entry with that
// id exists, or 0 when id is 0. The lookup and the update run under m_csShare.
ulong CCmdLog::setidle(ulong id)
{
    // id is unsigned, so this guard only ever rejects 0.
    if (id <= 0)
        return 0;

    ulong previous = LOGGER_FLAG_NONE;

    EnterCriticalSection(&m_csShare);

    LPLOGGER entry = reinterpret_cast<LPLOGGER>(
        Findsorteddata(&m_Table.sorted, id, 0)
    );

    if (entry != nullptr)
    {
        // Remember the old state for the caller, then switch to idle.
        previous = entry->flag;
        entry->flag = LOGGER_FLAG_IDLE;
        Addtolist(
            reinterpret_cast<ulong>(GetRetAddr()), DRAW_HILITE,
            text("Set idle for %d"), id
        );
    }
    else
    {
        Addtolist(
            reinterpret_cast<ulong>(GetRetAddr()), DRAW_HILITE,
            text("Can't find the logger %d"), id
        );
    }

    LeaveCriticalSection(&m_csShare);

    return previous;
}
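/*
 * Initializes the embedded Python interpreter and runs the plugin's init.py.
 *
 * Returns TRUE on success (or when already initialized), FALSE when the
 * support scripts are missing, the interpreter cannot be started, the plugin
 * path cannot be built safely, or init.py fails.
 */
BOOL OllyPython_Init(void)
{
    char initfile[MAX_PATH];
    /* Room for the longest possible path plus the fixed
       OLLYPYTHON_PATH=r"..." wrapper (19 bytes) and the terminator. */
    char tmp[MAX_PATH + 32];
    BOOL result = 1;
    DWORD len;
    int written;

    if (initialized == 1)
    {
        return TRUE;
    }

    Addtolist(0, 0, "OllyPython");

    result &= CheckFile("init.py");
    result &= CheckFile("ollyapi.py");
    result &= CheckFile("ollyutils.py");

    if (!result)
    {
        Addtolist(0, -1, " Could not locate Python scripts");
        return FALSE;
    }

    Py_Initialize();

    if (!Py_IsInitialized())
    {
        Addtolist(0, -1, " Could not initialize Python");
        return FALSE;
    }

    init_ollyapi();

    /* A zero return is a failure; a return equal to the buffer size means the
       path was truncated (and may not even be NUL-terminated). */
    len = GetModuleFileName(hinst, initfile, MAX_PATH);
    if (len == 0 || len >= MAX_PATH)
    {
        Addtolist(0, -1, " Could not determine the plugin directory");
        return FALSE;
    }

    PathRemoveFileSpec(initfile);

    /* strncat's count limits the bytes taken from the source, not the size of
       the destination, so make sure both suffixes fit before appending. */
    if (strlen(initfile) + strlen("\\python") + strlen("\\init.py") >= sizeof(initfile))
    {
        Addtolist(0, -1, " Plugin path is too long");
        return FALSE;
    }

    strncat(initfile, "\\python", sizeof(initfile) - strlen(initfile) - 1);

    /* The path is embedded in Python source. A raw string literal keeps
       backslash sequences such as \t or \n in the directory name from being
       interpreted as escapes. */
    written = snprintf(tmp, sizeof(tmp), "OLLYPYTHON_PATH=r\"%s\"", initfile);
    tmp[sizeof(tmp) - 1] = '\0';
    if (written < 0 || (size_t)written >= sizeof(tmp))
    {
        Addtolist(0, -1, " Plugin path is too long");
        return FALSE;
    }
    PyRun_SimpleString(tmp);

    strncat(initfile, "\\init.py", sizeof(initfile) - strlen(initfile) - 1);

    if (!ExecFile(initfile))
    {
        Addtolist(0, -1, " Could not run init.py");
        return FALSE;
    }

#ifdef ENABLE_PYTHON_PROFILING
    PyEval_SetTrace(tracefunc, NULL);
#endif

    initialized = 1;

    return TRUE;
}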
// Reset callback. Performs no work of its own; it only writes an enter and a
// leave marker to the log window.
void CDllMain::PluginReset(void)
{
    Addtolist(
        reinterpret_cast<ulong>(GetRetAddr()),
        DRAW_HILITE,
        text("Enter Reset function 'CDllMain::PluginReset'")
    );

    Addtolist(
        reinterpret_cast<ulong>(GetRetAddr()),
        DRAW_HILITE,
        text("Leave Reset function 'CDllMain::PluginReset'")
    );
}
/*
 * OllyDbg 1.x start-up hook for the mapimp plugin.
 * Locates and parses the configuration, records the module and main-window
 * handles, resets the session flags and announces the plugin in the log.
 * Always returns 0.
 * NOTE(review): neither ollydbgversion nor the result of config_parse is
 * checked here - confirm callers of g_Config tolerate a failed parse.
 */
int _export cdecl ODBG_Plugininit(int ollydbgversion, HWND hw, ULONG *features)
{
    TCHAR path[MAX_PATH];

    /* Host handles first, then the state that depends on nothing else. */
    g_Config = config_parse(config_locate(path));
    g_hInstance = GetModuleHandle(NULL);
    g_hwndOlly = hw;

    g_SessionStarted = FALSE;
    g_Autoloaded = FALSE;

    Addtolist(0, 0, "mapimp plugin v0.9");
    Addtolist(0, -1, " tPORt, 2009-2010");

    return 0;
}
// Destroy callback. Tears down the command bar and brackets the work with an
// enter and a leave marker in the log window.
void CDllMain::PluginDestroy(void)
{
    Addtolist(
        reinterpret_cast<ulong>(GetRetAddr()),
        DRAW_HILITE,
        text("Enter Destroy Function 'CDllMain::PluginDestroy'")
    );

    // Release the command bar owned by this object.
    m_cCmdBar.Destroy();

    Addtolist(
        reinterpret_cast<ulong>(GetRetAddr()),
        DRAW_HILITE,
        text("Leave Destroy Function 'CDllMain::PluginDestroy'")
    );
}
// OllyDbg 1.x start-up hook for the code extraction plugin.
// Returns -1 when the host is older than PLUGIN_VERSION, otherwise stores the
// main window handle, prints the banner and returns 0.
extc int _export cdecl ODBG_Plugininit(int ollydbgversion, HWND hw, ulong *features)
{
    // Refuse to load into a host older than the plugin API we were built for.
    if (ollydbgversion < PLUGIN_VERSION)
    {
        return -1;
    }

    // The main window handle is needed later, e.g. as a message box owner.
    hwmain = hw;

    Addtolist(0, 0, "Malicious code extraction plugin v1.0");
    Addtolist(0, -1, " Copyright (C) 2009 Tadas Vilkeliskis");
    Addtolist(0, -1, " Stevens Institute of Technology");

    return 0;
}
// Removes idle logger entries from the table and returns how many entries
// carried LOGGER_FLAG_IDLE. Runs of idle entries are deleted as address
// ranges [begin, end) with Deletesorteddatarange; m_nNextId is set to the
// start of the first deleted range.
ulong CCmdLog::clear(void)
{
    // Reset scroll/selection state.
    // NOTE(review): these writes happen before m_csShare is entered - confirm
    // no other thread reads them concurrently.
    m_Table.offset = m_Table.sorted.selected = m_Table.xshift = 0;

    EnterCriticalSection(&m_csShare);

    // begin == -1 (all bits set, since ulong is unsigned) means "no open run".
    ulong begin = -1, count = 0, end;
    LPLOGGER plog;

    m_nNextId = 0;

    for (int pos = 0; pos < m_Table.sorted.n; ++pos) {
        // NOTE(review): the result of Getsortedbyindex is dereferenced
        // without a null check.
        plog = reinterpret_cast<LPLOGGER> ( Getsortedbyindex(&m_Table.sorted, pos) );
        // logger->addr = pos;

        // Every idle entry gives its rows back and is counted.
        if (plog->flag & LOGGER_FLAG_IDLE) {
            m_Table.custommode -= plog->rows;
            ++ count;
        }

        if (begin == -1) {
            // No run open: an idle entry starts one.
            if (plog->flag & LOGGER_FLAG_IDLE) {
                begin = plog->addr;
            }
        } else {
            // Run open: the first busy entry closes it and the run is deleted.
            if (plog->flag & LOGGER_FLAG_BUSY) {
                end = plog->addr;
                // Step the index back because entries are about to be removed.
                // NOTE(review): count is the running total over all runs, not
                // the length of this run - confirm the rewind is correct when
                // more than one run is deleted.
                pos -= count + 1;
                Addtolist(1,1,text("begin: %x, end: %x"),begin,end);
                Deletesorteddatarange(&m_Table.sorted, begin, end);
                if (!m_nNextId) m_nNextId = begin;
                begin = -1;
            }
        }
    }

    // A run that reaches the end of the table is closed here. plog still
    // points at the last entry visited by the loop.
    if (begin != -1) {
        if (!m_nNextId) m_nNextId = begin;
        end = plog->addr + 1;
        Deletesorteddatarange(&m_Table.sorted, begin, end);
    }

    LeaveCriticalSection(&m_csShare);

    Updatetable(&m_Table, false);

    return count;
}
// OllyDbg 1.x start-up hook.
// Rejects hosts older than PLUGIN_VERSION with -1; otherwise stores the main
// window handle, initializes the common controls library, logs the DLL name
// and returns 0.
extc int _export cdecl ODBG_Plugininit(int ollydbgversion, HWND hw, ulong *features)
{
    if (ollydbgversion < PLUGIN_VERSION)
    {
        return -1;
    }

    hwmain = hw;

    // Needed before any common-control window class is used by the plugin.
    InitCommonControls();

    // NOTE(review): dllname is passed in the format position; this is only
    // safe while it contains no '%' characters.
    Addtolist(0, 0, dllname);

    return 0;
}
// Keyboard shortcut hook. origin identifies the window that received the key
// and decides how item must be interpreted (see the table below).
// Returns 1 when F5 was handled in a Dump window, otherwise 0.
extc int ODBG_Pluginshortcut(int origin,int ctrl,int alt,int shift,int key,void *item)
{
    switch (origin) {
    case PM_MAIN:
        if (key==VK_PAUSE) {
            // Pause the running script; focusonstop=4 asks for focus to go to
            // the script window once it stops.
            focusonstop=4;
            ollylang->Pause();
            script_state = ollylang->script_state;
            // SetForegroundWindow(ollylang->wndProg.hw);
            // SetFocus(ollylang->wndProg.hw);
        }
        break;

    // This function is usually called twice
    case PM_DISASM:
        break;

    /*
       PM_MAIN        item is always NULL   Main window
       PM_DUMP        (t_dump *)            Any Dump window
       PM_MODULES     (t_module *)          Modules window
       PM_MEMORY      (t_memory *)          Memory window
       PM_THREADS     (t_thread *)          Threads window
       PM_BREAKPOINTS (t_bpoint *)          Breakpoints window
       PM_REFERENCES  (t_ref *)             References window
       PM_RTRACE      (int *)               Run trace window
       PM_WATCHES     (1-based index)       Watches window
       PM_WINDOWS     (t_window *)          Windows window
       PM_DISASM      (t_dump *)            CPU Disassembler
       PM_CPUDUMP     (t_dump *)            CPU Dump
       PM_CPUSTACK    (t_dump *)            CPU Stack
       PM_CPUREGS     (t_reg *)             CPU Registers
    */
    case PM_DUMP:
        {
            if (key==VK_F5) {
                // Used to retrieve t_dump after OPENDUMP: remember the dump
                // descriptor under its window handle.
                t_dump * pd;
                pd=(t_dump *)item;
                if (pd && pd->table.hw != 0) {
                    ollylang->dumpWindows[pd->table.hw] = pd;
                }
                return 1;
            }
        }
        // NOTE(review): there is no break here, so any other key in a Dump
        // window falls through into the default label - confirm intended.

    default:
        //if (key==VK_F8 && shift==0 && ctrl==0) {
#ifdef _DEBUG
        // Debug builds log every unhandled shortcut. The buffer holds only
        // two formatted integers, so it cannot carry a '%' into Addtolist's
        // format position.
        char* data = new char[256];
        sprintf(data,"ODBG_Pluginshortcut %d %d",origin,key);
        Addtolist(0, -1, data );
        delete[] data;
        return 0;
#endif
        ;
    }
    return 0;
}
// OllyDbg 1.x start-up hook for OllyGAL.
// Returns -1 for hosts older than PLUGIN_VERSION; otherwise stores the main
// window handle and the process heap handle, logs a banner and returns 0.
extc _export cdecl int ODBG_Plugininit(int ollydbgversion,HWND hw,ulong *features)
{
    if (ollydbgversion < PLUGIN_VERSION)
    {
        return -1;
    }

    // Handles used by the rest of the plugin.
    odghwnd = hw;
    hHeap = GetProcessHeap();

    Addtolist(0, 0, "OllyGAL ver 0.1 powered by fenchang2047");

    return 0;
}
// Mandatory start-up hook, called once by OllyDbg. All one-time set-up belongs
// here. The contract is: return 0 when every resource was obtained; on error
// release whatever was already obtained and return -1, after which the host
// drops the plugin. ollydbgversion is the host version and is used for the
// compatibility check, hw is the main OllyDbg window, features is reserved
// and must not be used.
extc int _export cdecl ODBG_Plugininit(int ollydbgversion, HWND hw, ulong *features)
{
    // Host must be at least as new as the plugin API this DLL was built for.
    if (ollydbgversion < PLUGIN_VERSION)
    {
        return -1;
    }

    // Needed later, for instance as the owner of message boxes.
    hwmain = hw;

    // Backing store for the bookmarks: t_bookmark items, initial room for 10.
    // The items own no resources, hence no destructor callback.
    if (Createsorteddata(&(bookmark.data), "Bookmarks", sizeof(t_bookmark), 10,
                         (SORTFUNC *)Bookmarksortfunc, NULL) != 0)
    {
        return -1;   // Bookmark data could not be allocated
    }

    // Window class for the MDI window that shows the bookmarks. The class
    // formally belongs to the OllyDbg instance, not to this DLL; the unique
    // name comes back in bookmarkwinclass and is needed again to create the
    // window and to unregister the class on shutdown.
    if (Registerpluginclass(bookmarkwinclass, NULL, hinst, Bookmarkwinproc) < 0)
    {
        // Undo the allocation above before reporting failure.
        Destroysorteddata(&(bookmark.data));
        return -1;
    }

    // Initialization succeeded, so announce the plugin. Convention: two log
    // lines, a black one describing the plugin and a gray one, indented,
    // carrying the copyright notice.
    Addtolist(0, 0, "Bookmarks sample plugin v1.10 (plugin demo)");
    Addtolist(0, -1, " Copyright (C) 2001-2004 Oleh Yuschuk & Piérrot !");

    // Window positions marked TABLE_SAVEPOS are written to the .ini file by
    // the host but not restored automatically. ODBG_Pluginclose records
    // whether the window was open; reopen it here, but only when the user has
    // enabled position restoring.
    if (Plugingetvalue(VAL_RESTOREWINDOWPOS) != 0 &&
        Pluginreadintfromini(hinst, "Restore bookmarks window", 0) != 0)
    {
        Createbookmarkwindow();
    }

    return 0;
}
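// Sets up the output-capture plumbing: a manual-reset notification event, an
// anonymous pipe and the reader thread (CCmdLog::PipeProc). Each piece is
// created only if it does not exist yet, so the call can be repeated.
// Returns true when all three are available, false (after logging) otherwise.
bool CCmdLog::initcon()
{
    // Notification event: manual reset, initially non-signalled, unnamed.
    if (m_hNotify == nullptr) {
        m_hNotify = CreateEvent(nullptr, true, false, nullptr);
        if (m_hNotify == nullptr) {
            Addtolist(
                reinterpret_cast<ulong>(GetRetAddr()), DRAW_HILITE,
                text("Fail to create notification event .")
            );
            return false;
        }
    }

    // Pipe used to capture the output of tools.
    if (m_hPipeRd == nullptr && m_hPipeWr == nullptr) {
        SECURITY_ATTRIBUTES sa = {sizeof(SECURITY_ATTRIBUTES)};
        sa.nLength = sizeof(SECURITY_ATTRIBUTES);
        // Both ends are created inheritable; the read end is made private
        // again below. The write end stays inheritable, so every child
        // process started with handle inheritance enabled receives it.
        sa.bInheritHandle = true;
        sa.lpSecurityDescriptor = nullptr;
        if (!CreatePipe(&m_hPipeRd, &m_hPipeWr, &sa, 0)) {
            m_hPipeRd = m_hPipeWr = nullptr;
            Addtolist(
                reinterpret_cast<ulong>(GetRetAddr()), DRAW_HILITE,
                text("Fail to create pipe to redirect output")
            );
            return false;
        }
        SetHandleInformation(m_hPipeRd, HANDLE_FLAG_INHERIT, 0);
    }

    // Reader thread. INVALID_HANDLE_VALUE / 0 is this class's "no thread yet"
    // sentinel.
    if (m_hPipeCb == INVALID_HANDLE_VALUE && m_dPipeCb == 0) {
        // CreateThread signals failure with NULL, not INVALID_HANDLE_VALUE.
        // Comparing against INVALID_HANDLE_VALUE would never detect a failed
        // start and would leave NULL stored as if it were a live thread.
        HANDLE thread = CreateThread(
            nullptr, 0, CCmdLog::PipeProc, this, 0, &m_dPipeCb
        );
        if (thread == nullptr) {
            // Restore the sentinel so a later call can try again.
            m_hPipeCb = INVALID_HANDLE_VALUE;
            m_dPipeCb = 0;
            Addtolist(
                reinterpret_cast<ulong>(GetRetAddr()), DRAW_HILITE,
                text("Fail to create thread 'CCmdLog::PipeProc'")
            );
            return false;
        }
        m_hPipeCb = thread;
    }

    return true;
}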
// OllyDbg 1.x start-up hook.
// Logs a message and returns -1 when the host is older than PLUGIN_VERSION.
// Otherwise initializes COM on the calling thread, stores the main window
// handle, prints the banner and returns 0.
int __declspec(dllexport) __cdecl ODBG_Plugininit (int OllyDbgVer, HWND hWnd, ulong *pFeatures)
{
    const bool hostTooOld = (OllyDbgVer < PLUGIN_VERSION);
    if (hostTooOld)
    {
        Addtolist(0, 0, "OllySnake not compitable with the current olly version ");
        return -1;
    }

    // NOTE(review): the HRESULT of CoInitialize is ignored - confirm the
    // plugin copes with COM being unavailable or already initialized in a
    // different apartment model.
    CoInitialize(NULL);

    g_hMainOllyWnd = hWnd;

    Addtolist(0, 0, " OllyEye Plug-in compiled on " __DATE__);
    Addtolist(0, -1, " Copyright (c) 2008 Jospeh Moti (www.websense.com) & Kobi Pariente ");

    return 0;
}
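// Menu action hook. Only actions from the CPU Dump pane are handled: when a
// non-empty selection exists, the selection start is logged and the plugin
// dialog (IDD_DIALOG1) is shown modally. Everything else is ignored.
extc void _export cdecl ODBG_Pluginaction(int origin,int action,void *item)
{
    switch (origin)
    {
    case PM_CPUDUMP:
        {
            // item is the dump descriptor for this origin. It comes from the
            // host, so make sure it is present before dereferencing it.
            pdump = (t_dump *)item;
            if (pdump == NULL)
                break;

            // Nothing to do without a real selection.
            if (pdump->sel0==0 || pdump->sel1==0 || pdump->sel1-pdump->sel0==0)
                break;

            Addtolist(0,-1,"in PM_CPUDUMP sel0:%08X",pdump->sel0);
            DialogBoxParam(hinst,MAKEINTRESOURCE(IDD_DIALOG1),hwmain,(DLGPROC)DlgProc,(LPARAM)0);
        }
        break;

    default:
        break;
    }
}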
// Creates the logger table window unless it already exists.
// Returns true when the window is available, false (after logging) when
// Createtablewindow fails.
bool CCmdLog::create()
{
    // Already created: nothing to do.
    if (m_Table.hw != nullptr)
        return true;

    const bool created =
        Createtablewindow(
            &m_Table, 0, m_Table.bar.nbar, NULL, TEXT("ICO_L"), LOGNAME
        ) != nullptr;

    if (!created)
    {
        Addtolist(
            reinterpret_cast<ulong>(GetRetAddr()), DRAW_HILITE,
            text("Fail to create logger window .")
        );
    }

    return created;
}
// OllyDbg calls this obligatory function once during startup. I place all // one-time initializations here. Parameter features is reserved for future // extentions, do not use it. extc int _export cdecl ODBG_Plugininit(int ollydbgversion, HWND hw, ulong *features) { HINSTANCE hinst; if(ollydbgversion < PLUGIN_VERSION) { MessageBox(hwndOllyDbg(), "Incompatible Ollydbg Version !", "ODbgScript", MB_OK | MB_ICONERROR | MB_TOPMOST); return -1; } // Report plugin in the log window. Addtolist(0, 0, "ODbgScript v%i.%i.%i",VERSIONHI,VERSIONLO,VERSIONST); Addtolist(0, -1," http://odbgscript.sf.net"); ollylang = new OllyLang(); if (Createsorteddata(&ollylang->wndProg.data,"ODbgScript Data", sizeof(t_wndprog_data),50, (SORTFUNC *)wndprog_sort_function,NULL)!=0) return -1; if (Createsorteddata(&ollylang->wndLog.data,"ODbgScript Log", sizeof(t_wndlog_data),20, (SORTFUNC *)wndlog_sort_function,NULL)!=0) return -1; hinst = hinstModule(); if (Registerpluginclass(wndprogclass,NULL,hinst,wndprog_winproc)<0) { return -1; } if (Registerpluginclass(wndlogclass,NULL,hinst,wndlog_winproc)<0) { return -1; } if (Plugingetvalue(VAL_RESTOREWINDOWPOS)!=0 && Pluginreadintfromini(hinst,"Restore Script Log",0)!=0) initLogWindow(); if (Plugingetvalue(VAL_RESTOREWINDOWPOS)!=0 && Pluginreadintfromini(hinst,"Restore Script window",0)!=0) initProgTable(); return 0; }
// One-time set-up of the logger: sorted data (plus the critical section that
// guards it), the pipe capture machinery and the logger window.
// Returns false when the sorted data or the pipe set-up fails. A failure to
// create the window is logged but still reported as success.
bool CCmdLog::InitLog()
{
    // Sorted data is created only once; the critical section is initialized
    // together with it.
    if (Issortedinit(&(m_Table.sorted)) == 0)
    {
        if (Createsorteddata(
                &(m_Table.sorted),              // Descriptor of sorted data
                sizeof(LOGGER),                 // Size of single data item
                10,                             // Initial number of allocated items
                (SORTFUNC *)CCmdLog::SortProc,  // Sorting function
                (DESTFUNC *)CCmdLog::DestProc,  // Data destructor
                SDM_NOSIZE|SDM_INDEXED
            ) != 0)
        {
            Addtolist(
                reinterpret_cast<ulong>(GetRetAddr()), DRAW_HILITE,
                text("Fail to create logger sorted data .")
            );
            return false;
        }

        InitializeCriticalSection(&m_csShare);
    }

    // Event, pipe and reader thread.
    if (!initcon())
    {
        Addtolist(
            reinterpret_cast<ulong>(GetRetAddr()), DRAW_NORMAL,
            text("Fail to initialize pipe connect")
        );
        return false;
    }

    // The window is optional at this point: log the failure and carry on.
    if (!Create())
    {
        Addtolist(
            reinterpret_cast<ulong>(GetRetAddr()), DRAW_NORMAL,
            text("Fail to create the logger window")
        );
    }

    return true;
}
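// Thread entry point that runs one Python script file.
//
// param is a heap-allocated, NUL-terminated wide path; this function takes
// ownership and releases it with free(). Always returns 1.
//
// NOTE(review): this runs on its own thread and nothing here acquires the
// interpreter lock before calling into Python - confirm the caller arranges
// that.
DWORD WINAPI execute_python_script(LPVOID param)
{
    wchar_t *path = (wchar_t*)param;

    // Nothing to run (and nothing to free) without a path.
    if(path == NULL)
        return 1;

    Addtolist(0, WHITE, NAME_PLUGIN L" Trying to execute the script located here: '%s'..", path);

    std::wstring pathW(path);
    std::string pathA(widechar_to_multibytes(pathW));

    PyObject* PyFileObject = PyFile_FromString((char*)pathA.c_str(), "r");
    if(PyFileObject == NULL)
    {
        // The failed open leaves a Python exception pending; drop it so it
        // does not surface in an unrelated later call.
        PyErr_Clear();
        Addtolist(0, RED, NAME_PLUGIN L" Your file doesn't exist.");
    }
    else
    {
        PyRun_SimpleFile(PyFile_AsFile(PyFileObject), (char*)pathA.c_str());

        // PyFile_FromString returned a new reference. Releasing it closes
        // the script file instead of keeping it open for the process
        // lifetime.
        Py_DECREF(PyFileObject);

        Addtolist(0, WHITE, NAME_PLUGIN L" Execution is done!");
    }

    free(path);
    return 1;
}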
// OllyDbg 1.x start-up hook for Labeless.
// Rejects hosts older than PLUGIN_VERSION, loads the listening port and the
// IP filter from the plugin's ini section, initializes the Labeless
// singleton and prints the banner. Returns 0 on success, -1 otherwise.
extc int _export cdecl ODBG_Plugininit(int ollydbgversion, HWND hw, ulong* features)
{
    if (ollydbgversion < PLUGIN_VERSION)
    {
        return -1;
    }

    hwMain = hw;

    Labeless& ll = Labeless::instance();

    // Port: the current value is the default when the ini has no entry.
    // NOTE(review): the ini integer is narrowed to WORD without a range
    // check, so out-of-range values wrap silently.
    const WORD configuredPort = WORD(Pluginreadintfromini(ll.hInstance(), "port", ll.port()));
    ll.setPort(configuredPort);

    // IP filter: an empty string when the ini has no entry.
    // NOTE(review): the key is spelled "filer_ip"; renaming it would orphan
    // existing ini entries - confirm before touching.
    char buff[MAX_PATH] = {};
    Pluginreadstringfromini(ll.hInstance(), "filer_ip", buff, "");
    ll.setFilterIP(buff);

    const bool started = Labeless::instance().init();
    if (!started)
    {
        log_r("labeless::init() failed.");
        return -1;
    }

    Addtolist(0, 0, "Labeless");
    Addtolist(0, -1, " Written by Aliaksandr Trafimchuk");

    return 0;
}
// OllyDbg calls this obligatory function once during startup. Place all // one-time initializations here. If all resources are successfully allocated, // function must return 0. On error, it must free partially allocated resources // and return -1, in this case plugin will be removed. extc int _export cdecl ODBG_Plugininit( int ollydbgversion,HWND hw,ulong *features) { // This plugin uses all the newest features, check that version of OllyDbg is // correct. I will try to keep backward compatibility at least to v1.99. if (ollydbgversion<PLUGIN_VERSION) return -1; // Keep handle of main OllyDbg window. This handle is necessary, for example, // to display message box. hwmain=hw; coninfo = new CON_INFO; //initialize connection info struct strcpy(coninfo->server_addr, "127.0.0.1"); strcpy(coninfo->portString, "5041"); strcpy(coninfo->username, "user"); coninfo->project[0] = NULL; Addtolist(0,0,""PLUGIN_NAME" plugin v"VERSION" initialized. Compiled on " __DATE__ ""); Addtolist(0,-1," Copyright (C) 2005 Andrew Hintz, http://guh.nu"); return 0; };
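// Runs a Python call assembled from argv and prints its result.
//
// argv[0] is the callable (optionally "module.name"), the remaining elements
// are its arguments. They are joined into "name(arg1,arg2,...)" and executed
// as "print name(arg1,arg2,...)". While the statement runs, sys.stdout and
// sys.stderr are redirected to a duplicate of hfile when that can be set up.
//
// The joined text is executed as Python source, so argv has to be treated as
// code supplied by the operator, never as data from an untrusted source.
//
// @param argv   command and arguments; must not be empty
// @param err    receives the assembled call first and a status message at the end
// @param hfile  handle that receives the redirected output
// @return 1 when argv is empty, otherwise the result of PyRun_SimpleString
int CPython::ExecFunc(const std::vector<std::wstring> &argv, std::wstring &err, HANDLE hfile)
{
    // Check for an empty command before reading argv[0]; dereferencing
    // begin() of an empty vector is undefined behaviour.
    if (argv.empty()) {
        err = text("No python command function found");
        return 1;
    }

    // Assemble "name(arg1,arg2,...)".
    std::vector<std::wstring>::const_iterator itr = argv.cbegin();
    const std::vector<std::wstring>::const_iterator eitr = argv.cend();
    err = *itr;
    err.push_back(text('('));
    for (++itr; itr != eitr; ++itr) {
        err.append(*itr);
        err.push_back(text(','));
    }
    if (err.back() == text(',')) err.pop_back();
    err.push_back(text(')'));

    Addtolist(1,1,text("Execute Function: %s"),err.c_str());

    // Convert before anything is redirected: to_bytes throws on malformed
    // input, and an exception must not leave sys.stdout pointing at a
    // temporary file object.
    std::wstring_convert<std::codecvt_utf8_utf16<wchar>> cvt;
    std::string str = cvt.to_bytes(err);

    FILE *pfile = nullptr;
    PyObject *poldout = nullptr, *polderr = nullptr;
    PyObject *pnewout = nullptr, *pnewerr = nullptr;
    HANDLE hdup = nullptr;

    if (DuplicateHandle (
            GetCurrentProcess(), hfile, GetCurrentProcess(), &hdup,
            0, false, DUPLICATE_SAME_ACCESS
        ))
    {
        int id = open_osfhandle((intptr_t)hdup, _O_WRONLY);
        if (id == -1) {
            // The descriptor never took ownership of the duplicate.
            CloseHandle(hdup);
        } else {
            // NOTE(review): if fdopen fails the descriptor stays open.
            pfile = fdopen(id,"w");
        }

        if (pfile != nullptr) {
            setvbuf(pfile,nullptr,_IONBF,1024);

            // PySys_GetObject returns borrowed references. Hold our own so
            // the original streams survive being replaced.
            poldout = PySys_GetObject("stdout");
            polderr = PySys_GetObject("stderr");
            Py_XINCREF(poldout);
            Py_XINCREF(polderr);

            pnewout = PyFile_FromFile(pfile, "logger", "w", nullptr);
            pnewerr = PyFile_FromFile(pfile, "logger", "w", nullptr);

            // Passing NULL to PySys_SetObject would remove the stream, so
            // only install objects that were actually created.
            if (pnewout != nullptr) PySys_SetObject("stdout", pnewout);
            if (pnewerr != nullptr) PySys_SetObject("stderr", pnewerr);
        }
    }

    // "module.name(...)": import the module and bind it in __main__ so the
    // statement below can resolve it.
    std::size_t pos = str.find('.');
    if (pos != std::string::npos) {
        std::string mod = str.substr(0, pos);
        PyObject* dest = PyImport_ImportModule(mod.c_str());   // new reference
        PyObject* main = PyImport_AddModule("__main__");       // borrowed
        if (dest != nullptr && main != nullptr)
            PyObject_SetAttrString(main, mod.c_str(), dest);
        else if (PyErr_Occurred())
            PyErr_Print();   // report the import failure and clear it
        Py_XDECREF(dest);
    }

    str.insert(0, "print ");
    int irslt = PyRun_SimpleString(str.c_str());
    if (irslt != 0)
        err = text("Internal error that PyRun_SimpleString fail");
    else
        err = text("Execute python function successfully ..");

    // Put the original streams back and drop the temporary file objects
    // before the FILE they wrap is closed.
    if (pnewout != nullptr) {
        PySys_SetObject("stdout", poldout);
        Py_DECREF(pnewout);
    }
    if (pnewerr != nullptr) {
        PySys_SetObject("stderr", polderr);
        Py_DECREF(pnewerr);
    }
    Py_XDECREF(poldout);
    Py_XDECREF(polderr);

    if (pfile != nullptr) fclose(pfile);

    return irslt;
}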
// Fills in the table descriptor for the logger window (name, mode, callbacks,
// menu and five column headers) and asks the host to create the window.
// Returns true on success, false (after logging) when Createtablewindow fails.
bool CCmdLog::Create()
{
    // General table properties.
    ::wcscpy_s(m_Table.name, SHORTNAME, LOGNAME);
    m_Table.mode        = TABLE_SAVEALL|TABLE_USERDEF|TABLE_RIGHTSEL;
    m_Table.subtype     = 0;    // purpose not determined yet
    m_Table.bottomspace = m_Table.minwidth = 0;
    m_Table.custommode  = 0;
    m_Table.customdata  = this;
    m_Table.menu        = m_pMenu + 0;

    // Callbacks.
    m_Table.tabfunc  = CCmdLog::TableProc;
    m_Table.drawfunc = CCmdLog::DrawProc;
    //m_Table.updatefunc = CCmdLog::UpdateProc;
    //m_Table.tableselfunc = CCmdLog::TabSelProc;

    // Column bar: five visible columns, widths given in multiples of 5.
    m_Table.bar.nbar    = 5;
    m_Table.bar.visible = 1;

    // Column 0: entry number.
    m_Table.bar.name[0]  = TEXT("No");
    m_Table.bar.expl[0]  = TEXT("The logging item");
    m_Table.bar.mode[0]  = BAR_SORT;
    m_Table.bar.defdx[0] = 5 * 1;

    // Column 1: time stamp.
    m_Table.bar.name[1]  = TEXT("Time");
    m_Table.bar.expl[1]  = TEXT("The logging time");
    m_Table.bar.mode[1]  = BAR_SORT;
    m_Table.bar.defdx[1] = 5 * 3;

    // Column 2: entry type.
    m_Table.bar.name[2]  = TEXT("Type");
    m_Table.bar.expl[2]  = TEXT("The logging type");
    m_Table.bar.mode[2]  = BAR_SORT;
    m_Table.bar.defdx[2] = 5 * 2;

    // Column 3: error code.
    m_Table.bar.name[3]  = TEXT("Code");
    m_Table.bar.expl[3]  = TEXT("The replied error code");
    m_Table.bar.mode[3]  = BAR_SORT;
    m_Table.bar.defdx[3] = 5 * 1;

    // Column 4: message text.
    m_Table.bar.name[4]  = TEXT("Echo");
    m_Table.bar.expl[4]  = TEXT("The replied message");
    m_Table.bar.mode[4]  = BAR_BUTTON;
    m_Table.bar.defdx[4] = 5 * 50;

    const bool created =
        Createtablewindow(
            &m_Table, 0, m_Table.bar.nbar, NULL, TEXT("ICO_L"), LOGNAME
        ) != nullptr;

    if (!created)
    {
        Addtolist(
            reinterpret_cast<ulong>(GetRetAddr()), DRAW_HILITE,
            text("Fail to create logger window .")
        );
    }

    return created;
}
/*
 * Python trace callback used for profiling.
 * For every line event it logs "PROFILING: <file>:<line>" to the log window;
 * all other events are ignored. Always returns 0.
 */
int tracefunc(PyObject *obj, PyFrameObject *frame, int what, PyObject *arg)
{
    PyObject *filename;

    /* Only line-change events are of interest. */
    if (what != PyTrace_LINE)
    {
        return 0;
    }

    filename = PyObject_Str(frame->f_code->co_filename);
    if (filename == NULL)
    {
        return 0;
    }

    /* File name and line number of the line about to run. */
    Addtolist(0, -1, "PROFILING: %s:%d", PyString_AsString(filename), frame->f_lineno);
    Py_DECREF(filename);

    return 0;
}
/*
 * Mandatory OllyDbg 2 plugin query hook.
 * Returns 0 for hosts older than version 201. Otherwise reports the plugin
 * name and version, starts the embedded Python interpreter with thread
 * support and returns PLUGIN_VERSION.
 */
extc int __cdecl ODBG2_Pluginquery(int ollydbgversion, ulong *features, wchar_t pluginname[SHORTNAME], wchar_t pluginversion[SHORTNAME])
{
    // The v1 and v2 plugin interfaces differ; only v2.01 and later is supported.
    const bool hostSupported = !(ollydbgversion < 201);
    if(!hostSupported)
    {
        return 0;
    }

    // Name and version, copied with the bounded variants.
    wcscpy_s(pluginname, SHORTNAME, L"python-loader");
    wcscpy_s(pluginversion, SHORTNAME, L"v0.1");

    // Bring up the Python environment and prepare it for use from threads.
    Py_Initialize();
    PyEval_InitThreads();

    Addtolist(0x31337, RED, NAME_PLUGIN L" Plugin fully initialized.");

    return PLUGIN_VERSION;
}
// Menu callback for the plugin's menu entries.
// MENU_VERIFY   -> MENU_NORMAL (every entry is always available)
// MENU_EXECUTE  -> runs the entry selected by index, returns MENU_NOREDRAW
// anything else -> MENU_ABSENT
int handle_menu(t_table* pTable, wchar_t* pName, ulong index, int nMode)
{
    if(nMode == MENU_VERIFY)
        return MENU_NORMAL;

    if(nMode != MENU_EXECUTE)
        return MENU_ABSENT;

    if(index == MENU_LOAD_SCRIPT_IDX)
    {
        // Let the user pick a script to run.
        spawn_window();
    }
    else if(index == MENU_ABOUT_IDX)
    {
        MessageBox(
            hwollymain,
            L"python loader",
            L"About python-loader",
            MB_OK| MB_ICONINFORMATION
        );
    }
    else if(index == MENU_CMDLINE_IDX)
    {
        // Failure to open the command-line window is only logged.
        if(CreateCommandLineWindow(hwollymain, g_hinst) == FALSE)
            Addtolist(0x31337, RED, NAME_PLUGIN L" The command-line window can't be created.");
    }

    return MENU_NOREDRAW;
}
// OllyDbg 2 start-up hook: creates the sorted data behind the handle table
// and fills in the table descriptor (three flat columns, callbacks, menu).
// Returns 0 on success, -1 when the sorted data cannot be created.
int ODBG2_Plugininit(void)
{
    const bool dataReady =
        Createsorteddata(&handletable.sorted, sizeof(HANDLE_DATA), 1, NULL , NULL, SDM_NOSIZE) == 0;
    if(!dataReady)
    {
        Addtolist(0, DRAW_HILITE, L"[%s]: Unable to created sorted table data.", PLUGIN_NAME);
        return -1;
    }

    // General table properties.
    StrcopyW(handletable.name,SHORTNAME,PLUGIN_NAME);
    handletable.mode       = TABLE_SAVEPOS | TABLE_AUTOUPD;
    handletable.custommode = 0;
    handletable.customdata = NULL;

    // Column bar: Handle / Type / Name, no explanations.
    handletable.bar.visible  = 1;
    handletable.bar.nbar     = 3;

    handletable.bar.name[0]  = L"Handle";
    handletable.bar.expl[0]  = L"";
    handletable.bar.mode[0]  = BAR_FLAT;
    handletable.bar.defdx[0] = 24;

    handletable.bar.name[1]  = L"Type";
    handletable.bar.expl[1]  = L"";
    handletable.bar.mode[1]  = BAR_FLAT;
    handletable.bar.defdx[1] = 30;

    handletable.bar.name[2]  = L"Name";
    handletable.bar.expl[2]  = L"";
    handletable.bar.mode[2]  = BAR_FLAT;
    handletable.bar.defdx[2] = 256;

    // Callbacks and menu; update and selection callbacks are not used.
    handletable.tabfunc      = (TABFUNC*)handletable_proc;
    handletable.drawfunc     = (DRAWFUNC *)handletable_draw;
    handletable.updatefunc   = NULL;
    handletable.tableselfunc = NULL;
    handletable.menu         = (t_menu*)handlesmenu;

    return 0;
}
// Reader thread for the capture pipe. lpParam is the owning CCmdLog.
//
// The thread reads raw bytes from m_hPipeRd, looks for an embedded PIPEMSG
// header (recognised by its start/end marker values) and forwards the text
// around it to CCmdLog::msg as UTF-16. A header whose id is 0 or -1 ends the
// thread. Returns 0.
//
// NOTE(review): headers and captured text share one byte stream, and a header
// is recognised purely by marker values. The id and the event handle are then
// taken from that stream and the handle is passed to SetEvent. Presumably the
// stream also carries output of external tools - confirm that such output
// cannot be mistaken for a header.
DWORD WINAPI CCmdLog::PipeProc(LPVOID lpParam)
{
    std::string str;                        // bytes accumulated for the current message
    std::wstring wstr;                      // converted text handed to msg()
    DWORD count = 0;                        // bytes delivered by the last ReadFile
    char buffer[TEXTLEN*2] = {0};
    PIPEMSG msge = {-1, 0, nullptr, -1};    // reference header: markers plus the current id
    PPIPEMSG pmsg;
    CCmdLog *pthis = reinterpret_cast<CCmdLog*>(lpParam);
    // NOTE(review): from_bytes throws std::range_error on bytes that are not
    // valid UTF-8 and nothing in this function catches it.
    std::wstring_convert<std::codecvt_utf8_utf16<wchar>> cvt;

    Addtolist (
        reinterpret_cast<ulong>(GetRetAddr()), DRAW_HILITE,
        text("Enter thread 'CCmdLog::PipeProc'")
    );

    // pos holds the offset of the header inside str, or npos when none was found.
    for (size_t pos = std::string::npos; ;) {
        // Sleep(10000); continue;
        bool brslt = ReadFile (
            m_hPipeRd, buffer, sizeof(buffer), &count, nullptr
        ) == TRUE;
        // A failed read or an empty read ends the thread.
        if (brslt == false || count == 0) break;

        str.append(buffer,count);
        // A completely filled buffer suggests more data is pending: keep reading.
        if (count>=sizeof(buffer)) continue;

        //
        // Searching on every read is a poor synchronization design, but an
        // anonymous pipe does not seem to offer anything better.
        //
        if (str.length() >= sizeof(msge)) {
            // Reads and writes are usually infrequent and the output is
            // usually shorter than TEXTLEN*2, so the header normally sits at
            // the very start of the buffer. Checking there first is the fast path.
            char *pbuffer = const_cast<char*>(str.c_str());
            pmsg = reinterpret_cast<PPIPEMSG>(pbuffer);
            if (pmsg->start != msge.start || pmsg->end != msge.end) {
                // Not at offset 0: search for the start marker from offset 1.
                pos = str.find(
                    reinterpret_cast<char*>(&msge.start), 1, sizeof(msge.start)
                );
                if (pos == std::string::npos) pmsg = nullptr;
                else {
                    // NOTE(review): nothing checks that pos + sizeof(msge)
                    // still lies inside str before the header fields are read
                    // here, and before substr(pos+sizeof(msge)) below, which
                    // throws std::out_of_range when the offset is past the end.
                    pmsg = reinterpret_cast<PPIPEMSG>(pbuffer+pos);
                    if (pmsg->end != msge.end) pmsg = nullptr;
                }
            } else pos = 0;

            // A header with id 0 or -1 is the request to leave the loop.
            if (pmsg != nullptr && (pmsg->id==0 || pmsg->id==-1)) {
                Addtolist (
                    reinterpret_cast<ulong>(GetRetAddr()), DRAW_HILITE,
                    text("Request to exit the pipe thread ..")
                );
                SetEvent(pmsg->event);
                break;
            }

            // Forward the text.
            if (pos == 0 && pmsg != nullptr) {
                // Header first: everything after it belongs to the new id.
                wstr = cvt.from_bytes(str.substr(sizeof(msge)));
                msge.id = pmsg->id;     // switch to the new id
                if (wstr.length()) pthis->msg(msge.id, wstr);
            } else if (pos != std::string::npos && pmsg != nullptr) {
                // Header in the middle: text before it belongs to the old id,
                // text after it to the new one.
                wstr = cvt.from_bytes(str.substr(0,pos));
                if (wstr.length()) pthis->msg(msge.id, wstr);
                msge.id = pmsg->id;     // switch to the new id
                wstr = cvt.from_bytes(str.substr(pos+sizeof(msge)));
                if (wstr.length()) pthis->msg(msge.id, wstr);
            } else {
                // No header: plain text for the current id.
                wstr = cvt.from_bytes(str);
                pthis->msg(msge.id,wstr);
            }

            // A header was seen: signal the event it carries.
            if (pos != std::string::npos && pmsg) {
                Addtolist (
                    reinterpret_cast<ulong>(GetRetAddr()), DRAW_HILITE,
                    text("Request to set the notification event ..")
                );
                SetEvent(pmsg->event);
            }
        //
        // Fewer bytes than sizeof(msge) cannot contain a header: plain text.
        //
        } else {
            wstr = cvt.from_bytes(str);
            pthis->msg(msge.id,wstr,true);
        }

        //
        // Start the next message with an empty buffer.
        //
        str.clear();
    }

    Addtolist(
        reinterpret_cast<ulong>(GetRetAddr()), DRAW_HILITE,
        text("Leave thread 'CCmdLog::PipeProc'")
    );
    return 0;
}